ENISA was established by the European Union in 2004 in response to the growing number of threats to European information systems. The agency’s aim is to raise the level of security in networks and information systems across the European Union. In addition, the Agency advises the European Commission and the Member States on issues related to Internet security, and assists the European Commission in the technical preparatory work for updating and developing Community legislation to improve the resilience of Europe’s critical information infrastructure and networks.
The ‘Actionable information for Security Incident Response’ study is intended as a good practice guide for the exchange and processing of actionable information. The document consists of 120 pages, including attachments. Among other topics, the authors cover the collection, processing and exchange of information, and define recommendations on how to improve these processes. Furthermore, the CERT Polska team developed detailed case studies that present various techniques and tools that can be applied to detect and prevent cyber attacks. Among other things, the specialists present tools designed for analysing malware activity, monitoring botnets and slowing the growth of botnets. They also describe ways of exchanging data effectively at the national level, because the faster and more completely a CERT can make actionable data available to network owners, administrators, ISPs and hosting providers, the greater the chances of reducing the impact of attacks.
The ‘Actionable information for Security Incident Response’ guide is a pioneering project. We hope that it will not only contribute to improving the security of Internet users and their data, but will also intensify the exchange of expert knowledge among specialists and security incident response teams – says Piotr Kijewski, the Head of the CERT Polska team. Extracting timely information that can be immediately acted on from the vast amounts of all types of data flowing in still remains a challenge. This type of information is referred to as “actionable information” and is identified as one of the fundamental building blocks of successful incident response. The sooner incidents and vulnerabilities are detected and understood, the faster they can be handled and the less damage is caused – emphasizes Piotr Kijewski.